Feature Request - Ability to turn off features and traffic sent to WatchGuard cloud

We have observed in the latest firmware that a lot of traffic that is sent to a local Dimension server is now being sent to WatchGuard's cloud. Specifically, Traffic Monitoring is now on the cloud in real-time. This presents an issue for networks that need to be highly secured, and there seem to be no options to turn this off, except for turning off cloud participation altogether, which would turn off features like AuthPoint. We would like WatchGuard to implement a list of options inside the Firebox where the user can select what information will be sent to the cloud. Not having this capability is forcing us to reconsider continuing to use WatchGuard products in the future. Thank you.

Comments

  • You can disable cloud logging for a device on the cloud web interface.

  • DHM
    edited February 2022

    @rv@kaufmann.dk said:

    You can disable cloud logging for a device on the cloud web interface.

    We did see this but we saw that Traffic Monitor information was available via the cloud GUI, which could mean this information could be exposed to other parties; this is the issue at hand. We will talk to WatchGuard and discuss.

  • james.carson Moderator, WatchGuard Representative

    Hi @DHM
    If this is a concern, I'd suggest creating a support case so we can address any concerns you have.

    I'd suggest that if this is a concern you should consider locally managing your firewall, as your configuration and other data are also going to live on the cloud. The Dimension Command feature allows you to manage your firewall from a locally installed Dimension server, for example.

    -James Carson
    WatchGuard Customer Support

  • Hi @james.carson
    I will look into the Dimension Command feature and see if it can be applied in our environment.

    We did reach out to WatchGuard and we had a meeting where we discussed the issue, and it is now understood that due to strict compliance needs it may require a feature request release to be able to harmonize with these strict compliance directives.

  • If you are fully worried you can always switch AuthPoint to RADIUS and then shut down the cloud integration. That said, your portal can be protected with MFA and all data sent there is over 443....

    WatchGuard Cloud (specifically Visibility) was created so that servers didn't need to be spun up all the time for firewall logs and reports.

    Dimension Command is OK; I prefer the WatchGuard Management server to Dimension Command since it uses Policy Manager instead of Web UI.

    Any-who... not sure how the portal that hosts your user Authentication isn't good for firewall logs but hopefully you are able to get a solution found...
